An action runner is the execution environment for user-implemented actions. EWC comes with
pre-canned action runners such as a remote runner and shell runner which provide for
user-implemented actions to be run remotely (via SSH) and locally. The objective is to allow the
Action author to concentrate only on the implementation of the action itself rather than setting up
the environment.

Normally the exit code of a runner is defined by the exit code of the script or command executed.
All runners return timeout exit code (-9) if the command or script did not complete its execution
within the specified timeout.

This is the local runner. This runner executes a Linux command on the host where EWC is running.

Note

stdout and stderr attributes in the runner result object have the last \n or \r
or \r\n characters removed if present. This is done so you can re-use the result of common
commands that include a trailing line break of carriage return, such as uptime, whoami,
etc., in other actions and workflows. If you have an action which requires a trailing line
break character to be present, you can add it explicitly to the result, e.g.
echo-e'test\n' (this will result into two line break characters and only one of
them will be stripped/removed from the result).

This is a remote runner. This runner executes a Linux command on one or more remote hosts provided
by the user. The last newline character is stripped from stdout and stderr fields in the
output.

Note

By default EWC uses passwordless sudo for to execute commands on local and remote systems, using the
system user (by default stanley). In addition to passwordless sudo, local and remote runners also
support password protected sudo via the sudo_password runner parameter.

With the remote runner, the sudo password is passed to the sudo command as a command line argument.
This means it has some security implications - if bash history is enabled for the system user, the sudo
password will be saved in bash history and any system user with access to that user bash history file
will be able to view it.

bastion_host (string) - The host SSH connections will be proxied through. Note: This connection is made using the same parameters as the final connection.

cmd (string) - Arbitrary Linux command to be executed on the remote host(s).

cwd (string) - Working directory where the script will be executed in

dir (string) - The working directory where the script will be copied to on the remote host.

env (object) - Environment variables which will be available to the command(e.g. key1=val1,key2=val2)

hosts (string) - A comma delimited string of a list of hosts where the remote command will be executed. For example: example1.com,example2.com,example3.com:5555

kwarg_op (string) - Operator to use in front of keyword args i.e. “–” or “-“.

parallel (boolean) - Default to parallel execution.

passphrase (string) - Passphrase for the private key, if needed.

password (string) - Password used to log in. If not provided, private key from the config file is used.

port (integer) - SSH port. If not specified as part of the hosts list, default port will be used (22).

private_key (string) - Private key material or path to the private key file on disk used to log in.

sudo (boolean) - The remote command will be executed with sudo.

sudo_password (string) - Sudo password. To be used when passwordless sudo is not allowed.

timeout (integer) - Action timeout in seconds. Action will get killed if it doesn’t finish in timeout seconds.

username (string) - Username used to log-in. If not provided, default username from config is used.

Note

If a value you specify for the private_key parameter is a path to the private key file, you
need to make sure that the user under which action runner process is running (stanley by
default) has read access to this key file. This private key file also needs be deployed and
present in the same location on all the servers where action runner component is running.

In addition to that, if you utilize path to the private key file functionality, you are strongly
encouraged to disable local runner in the config. If you don’t do that, any EWC user which has
access to core.local action will be able to read this key and this can pose a security risk.

This is a remote runner. Actions are implemented as scripts. They run on one or
more remote hosts provided by the user. The last newline character is stripped
from stdout and stderr fields in the output.

sudo_password (string) - Sudo password. To be used when passwordless sudo is not allowed.

timeout (integer) - Action timeout in seconds. Action will get killed if it doesn’t finish in timeout seconds.

username (string) - Username used to log-in. If not provided, default username from config is used.

Note

If a value you specify for the private_key parameter is a path to the private key file, you
need to make sure that the user under which action runner process is running (stanley by
default) has read access to this key file. This private key file also needs be deployed and
present in the same location on all the servers where action runner component is running.

In addition to that, if you utilize path to the private key file functionality, you are strongly
encouraged to disable local runner in the config. If you don’t do that, any EWC user which has
access to core.local action will be able to read this key and this can pose a security risk.

Windows runners are DEPRECATED as of version 2.9. These runners are replaced
by WinRM Runners which use a native Python implementation
of the WinRM protocol. Please migrate all existing actions over to these new runners. Any new
code should prefer WinRM Runners over the Windows Runners.

The legacy Windows runners will be REMOVED in version 3.1.

The Windows command runner allows you to run the command-line interpreter (cmd) and PowerShell
commands on Windows hosts.

Windows runners are DEPRECATED as of version 2.9. These runners are replaced
by WinRM Runners which use a native Python implementation
of the WinRM protocol. Please migrate all existing actions over to these new runners. Any new
code should prefer WinRM Runners over the Windows Runners.

The legacy Windows runners will be REMOVED in version 3.1.

Windows script runner allows you to run PowerShell scripts on Windows hosts.

verify_ssl_cert (boolean) - Certificate for HTTPS request is verified by default using requests CA bundle which comes from Mozilla. Verification using a custom CA bundle is not yet supported. Set to False to skip verification.

verify_ssl_cert (boolean) - Certificate for HTTPS request is verified by default using requests CA bundle which comes from Mozilla. Verification using a custom CA bundle is not yet supported. Set to False to skip verification.

verify_ssl_cert (boolean) - Certificate for HTTPS request is verified by default using requests CA bundle which comes from Mozilla. Verification using a custom CA bundle is not yet supported. Set to False to skip verification.

verify_ssl_cert (boolean) - Certificate for HTTPS request is verified by default using requests CA bundle which comes from Mozilla. Verification using a custom CA bundle is not yet supported. Set to False to skip verification.

Keep in mind that other parameters such as body, method, headers, etc. are defined
as part of the core.http action.

This is a Python runner. Actions are implemented as Python classes with a run method. They run
locally on the machine where st2actionrunner is running.

Python runner actions return an execution status (success, failure) by returning a tuple
from the Python action class run() method. The first item in this tuple is a boolean
flag indicating success/failure and the second one is the result. However, execution status is
optional i.e. the return value from action runner can either be a tuple of success status
and result or just the result object.

result (object) - result returned by the action based on success or failure.

The status flag allows users to return a result from a failing action. When the status flag is
not used the only way for action to be considered as failed is to throw an exception or exit
with a non-zero exit code.

task_name (string) - The name of the task to run for reverse workflow.

workflow (string) - The name of the workflow to run if the entry_point is a workbook of many workflows. The name should be in the format “<pack_name>.<action_name>.<workflow_name>”. If entry point is a workflow or a workbook with a single workflow, the runner will identify the workflow automatically.